Solved

Remote access and secure data exchange

Posted on 2013-06-21
Last Modified: 2013-06-24
Hi guys,
Hope you can help me out. I'm looking for some guidance on the following scenario.
My company recently went into partnership with a company that has Point of Sale systems and servers. My company wants to retrieve data on the POS and server and connect the figures to our financial system at headquarters.

Issue number 1: We currently do not have control of the POS and servers. We do not manage software, anti-virus, patching etc. on those machines as they are managed by other consultants.
Our application guys just want to create a VPN between sites and allow those systems to communicate through our firewall over specific ports. I don't think this is the best way to proceed.

Issue number 2: Headquarters want to access the POS to manage or troubleshoot systems on occasion. Would GotoAssist, NetSupport or WebEx be secure viable solutions for this?

Thank you in advance for your help. Any guidance from people that went through these types of things would relieve some stress over here...

CP
Question by:CProp

Assisted Solution

by:Michael Ortega (Internetwerx, Inc.)
Michael Ortega (Internetwerx, Inc.) earned 250 total points
What POS are you referring to? Some POS systems have tools already developed to export financial data natively.

Lots of different ways to administer your systems. Bomgar and CommandCenter are appliance based systems that even target the POS/KIOSK markets.

MO

Accepted Solution

by:aleghart
aleghart earned 250 total points
Not sure why you think a VPN is a bad idea.  It's far better than any transmission over the internet.  You can also use the VPN tunnel for remote access in a secure manner.  No ports open to internet.

If you have a lot of units and techs, then a cost-effective tool is ScreenConnect.  For $3,000 you get an unlimited server license for any number of endpoints and techs and open sessions.  Any of the other tools will cost that much for just 2 or 3 techs.

I ran a demo server.  Remote connections were faster and clearer than TeamViewer, which is already faster and clearer than GoTo__, LogMeIn, and WebEx.

You can white-label or private-brand the server GUI.  Using MS Windows & Internet Explorer from the tech's workstation is the best experience.  You can scale the user's screen quickly.  No scrolling.  Multiple monitors are fine too.

I used it to connect to a workstation with a vertical 1920x1080 monitor plus a 2MP horizontal monitor.  The clarity was impressive.  Could see x-ray images without a lot of artifacting or banding.

Author Comment

by:CProp
This is a good starting point for me.
To answer the questions:
- The POS system is Pro-ShopKeeper from Club Prophet Systems.

Just a bit of clarification, I don't think the VPN is a bad idea per se. An encrypted tunnel is a good thing between 2 trusted sites.
I'm hesitant about doing this with a site where we don't control the end-point and the users that use those systems. They might install malware from malicious websites and the VPN tunnel would be a vector into our organization.

Looking forward to your response

CP

Expert Comment

by:aleghart
Tunnel can be limited at either end, and by service/port.  So, you could have access to their /24 network, and limit them to just your remote control server or patch server, etc.

Author Comment

by:CProp
Maybe you are right. I might just be being overly paranoid on that front.
I was looking at a scenario about a malicious application that tunnels through that service/port?
I know my boss will ask about that and I'm not sure about the risk.
Things like a reverse proxy or application firewall for deep packet inspection?

CP

Expert Comment

by:aleghart
If you limit your endpoint to port 1001 at 10.0.0.1, then the only exposure is that host on only port 1001.  Attempts to reach any other host or any other port will be blocked by your VPN policy.

If any other party tries to make a VPN connection, they would need the correct tunnel config and pre-shared key...and would have to have an IP address that matches your policy.

If you ever need to disconnect a client, or decide to cease operations with a customer, either end can disable the tunnel, and there will be zero access.
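
The restriction described in the comment above, modelled as a default-deny check over tunnel flow records (an added example, not part of the original thread). The partner network 192.168.50.0/24, the log format and the sample lines are constructed; 10.0.0.1 and port 1001 are the values used in the comment. A "permit" only means the flow matched the policy, not that the traffic carried on that port is benign.

```python
import ipaddress

# Assumed tunnel policy: the partner POS network may reach one head-office
# host on one TCP port; everything else is denied by default.
PARTNER_NET = ipaddress.ip_network("192.168.50.0/24")        # hypothetical partner /24
ALLOWED = {(ipaddress.ip_address("10.0.0.1"), "tcp", 1001)}  # host/port from the comment

# Constructed firewall log lines for traffic arriving over the tunnel.
SAMPLE_LOG = """\
2013-06-24T09:00:01 src=192.168.50.21 dst=10.0.0.1 proto=tcp dport=1001
2013-06-24T09:00:07 src=192.168.50.21 dst=10.0.0.1 proto=tcp dport=445
2013-06-24T09:00:09 src=192.168.50.21 dst=10.0.0.25 proto=tcp dport=1001
2013-06-24T09:01:30 src=172.16.9.4 dst=10.0.0.1 proto=tcp dport=1001
not a flow record
"""

def parse(line):
    """Return (src, dst, proto, dport), or None for a malformed line."""
    try:
        fields = dict(f.split("=", 1) for f in line.split()[1:])
        return (ipaddress.ip_address(fields["src"]),
                ipaddress.ip_address(fields["dst"]),
                fields["proto"].lower(), int(fields["dport"]))
    except (KeyError, ValueError):
        return None

def decide(src, dst, proto, dport):
    """Default deny: permit only a policy-matching source, host, protocol and port."""
    if src not in PARTNER_NET:
        return "deny: source outside tunnel policy"
    if (dst, proto, dport) not in ALLOWED:
        return "deny: destination or port not allowed"
    return "permit"

def audit(log_text):
    """Evaluate each record; return (permitted_count, [(line, reason), ...])."""
    permitted, flagged = 0, []
    for line in log_text.splitlines():
        rec = parse(line)
        verdict = "review: unparseable record" if rec is None else decide(*rec)
        if verdict == "permit":
            permitted += 1
        else:
            flagged.append((line, verdict))
    return permitted, flagged

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_LOG)
    print(f"permitted={ok}")
    for line, why in bad:
        print(f"{why} <- {line}")
```

Flagged lines from an otherwise quiet POS subnet (other hosts, other ports) are the records worth alerting on, since the policy already blocks them.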

Author Closing Comment

by:CProp
Thanks guys, I really appreciated the quick response on this topic.

Chris